
When I submitted the patches for PolicyKit[1] support a few weeks back Rich suggested that we should have the ability to set UNIX socket permissions and group ownership regardless. So this patch adds that ability. The default setting is still, group=root, and mode=0700 for R/W socket and mode=0777 for the R/O socket. It is possible to override this via the config file

eg, Don't allow R/O monitoring

    unix_sock_ro_perms="0700"

eg, Allow any user in 'admin' group to manage VMs

    unix_sock_group="admin"
    unix_sock_rw_perms="0770"

eg, Allow anyone to do anything

    unix_sock_rw_perms="0777"

NB, the fchgrp, and fchown syscalls don't have any effect on sockets, so to set the group ownership & desired mode, I have to play games with the setgid() and umask() calls prior to bind(), and then restore them to their original values.

NB, the virConf APIs don't seem to recognise Octal numbers when parsing the config file, so I've used strings for the permissions. Not a big deal really unless someone desperately wants to fix the config file parser...

Dan.

[1] A new set of patches will be forthcoming soon...

--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|